package com.twb.auth.security;

import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.twb.auth.entity.twbApi.TwbApi;
import com.twb.auth.entity.twbProject.TwbProject;
import com.twb.core.base.entity.BaseLoginUser;
import com.twb.core.cache.redis.RedisUtil;
import com.twb.core.config.TwbConfigProperties;
import com.twb.core.exception.AuthorityException;
import com.twb.core.security.TwbSecurityProperties;
import com.twb.core.security.TwbSecurityUtil;
import com.twb.core.security.service.ITokenService;
import com.twb.core.util.BeanUtils;

/**
 * @ClassName TwbSecurityUtil
 * @Description 安全验证工具
 * @author DSY
 * @date 2018年11月3日 下午8:26:08
 */
@Component
public class TwbSystemSecurityUtil {

	@Autowired
	ITokenService twbJwtJedisTokenService;
	@Autowired
	TwbSecurityProperties securityProperties;
	@Autowired
	RedisUtil redisUtil;
	@Autowired
	TwbSecurityUtil twbSecurityUtil;
	@Autowired
	TwbConfigProperties twbConfigProperties;
	/**
	 * @Title  checkUrl
	 * @Class: TwbSecurityUtil.java
	 * @Description 检查用户URL访问权限
	 * @param request
	 * @return
	 * @author DSY
	 * @date 2018年11月3日 下午9:50:19
	 */
	public boolean checkUrl(HttpServletRequest request) {
		String servletPath = request.getServletPath();
		servletPath = StringUtils.substringBeforeLast(servletPath, ".");// 去掉后面的后缀 *.tw *.action之类的
		BaseLoginUser loginUser = twbSecurityUtil.getLoginUser(request);
		if(loginUser.isDeveloper()) {//如果是developer直接跳过权限校验
			return true;
		}
		String key = twbConfigProperties.getLoginApiRedisKey(loginUser.getToken());
		TwbApi twbApi = (TwbApi) redisUtil.getRedisTemplate().opsForHash().get(key, servletPath);
		if(twbApi == null) {
			throw new AuthorityException(servletPath + "无访问权限");
		}
		return true;
	}
	
	/**
	 * @Title checkProject
	 * @Description 验证项目接入权限
	 * @param request
	 * @return
	 * @AuthorOriginally DSY
	 * @date 2022年11月21日 下午9:57:29
	 */
	public boolean checkProject(HttpServletRequest request) {
		// 前端鉴权是否开启，如果开启，进入鉴权操作。
		Boolean projectAuth = securityProperties.getProjectAuth();
		if (!projectAuth) {
			return true;
		}
		String appIdName = securityProperties.getAppIdName();
		String appTokenName = securityProperties.getAppTokenName();
		String appSecretName = securityProperties.getAppSecretName();

		String appId = request.getHeader(appIdName);
		String appToken = request.getHeader(appTokenName);
		String appSecret = request.getHeader(appSecretName);
		// 验证前端是否有接入权限
		boolean validProject = this.validProject(appId, appToken, appSecret);
		if (!validProject) {
			throw new AuthorityException(appId + " 没有接入权限");
		}
		return true;
	}
	
	/**
	 * @Title: validProject
	 * @Description:验证是否为有效项目
	 * @param appId
	 * @param appToken
	 * @param appSecret
	 * @return
	 * @AuthorOriginally DSY
	 * @date 2018年11月27日 下午6:03:54
	 */
	public boolean validProject(String appId, String appToken, String appSecret) {
		String key = twbConfigProperties.getProjectRedisKey();
		List<TwbProject> list = redisUtil.get(key);
		if (CollectionUtils.isNotEmpty(list)) {
			TwbProject project = null;
			
			for (TwbProject twbProject : list) {
				if (twbProject.getAppId().equals(appId)) {
					project = twbProject;
					break;
				}
			}
			
			if (!BeanUtils.isNullOrEmpty(project)) {
				if (project.getStatus().equals("0")) {
					return false;
				}
				if (!project.getAppToken().equals(appToken)) {
					return false;
				}
				if (!project.getAppSecret().equals(appSecret)) {
					return false;
				}
				return true;
			}
		}
		return false;
	}
}
